VLC Media Player Multiple Vulnerabilities Jan15 (Windows) Network Vulnerability

Summary

The host is installed with VLC Media player and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service. Impact Level: System/Application

Solution

No solution or patch is available as of 27th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.videolan.org/vlc

Insight

Multiple Flaws are due to: - Improper input sanitization by 'picture_Release' function in misc/picture.c. - Improper input sanitization by 'picture_pool_Delete' function in misc/picture_pool.c.

Affected

VideoLAN VLC media player 2.1.5 on Windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/116451
http://osvdb.org/117450
http://packetstormsecurity.com/files/130004
http://seclists.org/fulldisclosure/2015/Jan/72

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9597, CVE-2014-9598
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari libxml Denial of Service Vulnerability
Apple Safari Webkit Multiple Vulnerabilities - March 2011
Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
aMSN session hijack vulnerability (Windows)
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities